<?php
session_start(); //Starts sessions
if(isset($_SESSION['userNum'])){ //If the session variable is already set, get all session variables
$userNum = $_SESSION['userNum'];
$server = $_SESSION['server'];
$user = $_SESSION['user'];
$pass = $_SESSION['pass'];
$db = $_SESSION['db'];
}else{
header('Location: home.php');//else, redirect user to home
}
?>
<html>
<head>
<title>Candidates - APC Voting System</title>
<style type="text/css">
.style1 {
	border-collapse: collapse;
}
.style2 {
	border-collapse: collapse;
	background-image: url('images/bg.png');
}
</style>
</head>

<body style="background-image:url('images/bg_blue.jpg')">
<div style="position:absolute;left:75px;top: 0px">
<font face = "Arial">
<table style="width: 810px; height: 104px" border="0" cellspacing="0" cellpadding="0" class="style1">
<tr>
<td colspan="6" style="height: 104px">
<img src="images\header.png"></td>
</tr>
</table>

<table style="width: 810px" background="images\menu.png" cellspacing="0" cellpadding="0">
<tr >
<td style="width: 11px; height: 40px">
&nbsp;</td>
<td style="width: 84px; height: 40px">
<a href="home.php"><img src="images\homeS.png"></a></td>
<td style="width: 84px; height: 40px">
<a href="vote.php"><img src="images\voteS.png"></a></td>
<td style="width: 84px; height: 40px">
<a href="candidates.php"><img src="images\candidateS.png"></a></td>
<td style="width: 84px; height: 40px">
<?php //Admin button will show for admins, Result button for voters
	//Connect to database first
	mysql_connect($server,$user,$pass) or die(mysql_error());
	mysql_select_db($db) or die(mysql_error());
	$checkPermission = mysql_query("SELECT voter_permission from voters where voter_num = '".$userNum."'");
		while($row = mysql_fetch_array($checkPermission)){
		$permission = $row['voter_permission']; //Get the permission of user
		}
	if($permission == 'Admin'){ //If the user is an Administrator
	    echo "<a href='admin.php'><img src='images\adminS.png'></a>";		
	}elseif($permission == 'Voter'){ // If the user is a Voter
	    echo "<a href='results.php'><img src='images/resultS.png'></a>";
	}else{
        //Do nothing - no button will be shown
	}
?>
</td>
<td style="width: 447px; height: 40px">
</td>
<td style="width: 84px; height: 40px">
<a href="logout.php"><img src="images\logoutS.png"></a></td>
</tr>
</table>
<table style="width: 810px; height: 73px" cellspacing="0" cellpadding="0" class="style2">
<tr>
<td style="height: 76px; width: 28px;"></td>
<td style="height: 76px" width="808px">
<?php
//define a maxim size for the uploaded images in Kb
 define ("MAX_SIZE","100"); 

//This function reads the extension of the file. It is used to determine if the file  is an image by checking the extension.
 function getExtension($str) {
         $i = strrpos($str,".");
         if (!$i) { return ""; }
         $l = strlen($str) - $i;
         $ext = substr($str,$i+1,$l);
         return $ext;
 }

//This variable is used as a flag. The value is initialized with 0 (meaning no error  found)  
//and it will be changed to 1 if an error occures.  
//If the error occures the file will not be uploaded.
 $errors=0;
//checks if the form has been submitted
 if(isset($_POST['Submit'])) 
 {
 	//reads the name of the file the user submitted for uploading
 	$image=$_FILES['image']['name'];
 	//if it is not empty
 	if ($image) 
 	{
 	//get the original name of the file from the clients machine
 		$filename = stripslashes($_FILES['image']['name']);
 	//get the extension of the file in a lower case format
  		$extension = getExtension($filename);
 		$extension = strtolower($extension);
 	//if it is not a known extension, we will suppose it is an error and will not  upload the file,  
	//otherwise we will do more tests
 if (($extension != "jpg") && ($extension != "jpeg") && ($extension != "png") && ($extension != "gif")) 
 		{
		//print error message
 			echo '<h1>Unknown extension!</h1>';
 			$errors=1;
 		}
 		else
 		{
//get the size of the image in bytes
 //$_FILES['image']['tmp_name'] is the temporary filename of the file
 //in which the uploaded file was stored on the server
 $size=filesize($_FILES['image']['tmp_name']);

//compare the size with the maxim size we defined and print error if bigger
if ($size > MAX_SIZE*1024)
{
	echo"<br><font color = 'red'>Max Image size is 1024</font>";
	$errors=1;
}

//we will give an unique name, for example the time in unix time format
$image_name=time().'.'.$extension;
//the new name will be containing the full path where will be stored (images folder)
$newname="images/".$image_name;
//we verify if the image has been uploaded, and print error instead
$copied = copy($_FILES['image']['tmp_name'], $newname);
if (!$copied) 
{
	echo"<br><font color = 'red'>Image upload unsuccessful</font>";
	$errors=1;
}}}}

//If no errors registred, print the success message
 if(isset($_POST['Submit']) && !$errors) 
 {
 	echo"<br><font color = 'lime'>Image upload successful</font>";
 }

 ?>

 <!--next comes the form, you must set the enctype to "multipart/frm-data" and use an input type "file" -->
 <form name="newad" method="post" enctype="multipart/form-data"  action="">
 <table>
 	<tr><td><input type="file" name="image"></td></tr>
 	<tr><td><input name="Submit" type="submit" value="Upload image"></td></tr>
 </table>	
 </form>
</td>
</tr>
</table>
<br><br><br><br><br>
</div>
<div style="position:fixed;left:72px;bottom: -5px">
<table>
<tr>
<td width="8px" colspan="2"><img src="images\end.png"></td>
</tr>
</table>
</div>
</body>
</html>
